From b87bd57ad010ee6f091f77b8b1f653afafc0e4c7 Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 28 Jul 2013 18:14:01 -0700 Subject: added webapp.secure flag (turns on secure cookies and HSTS) --- provider_base/services/webapp.json | 3 ++- puppet/modules/site_webapp/templates/config.yml.erb | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 55331274..ed039b01 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -13,7 +13,8 @@ "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth", "allow_anonymous_certs": "= global.provider.service.allow_anonymous", "secret_token": "= secret :webapp_secret_token", - "api_version": 1 + "api_version": 1, + "secure": false }, "stunnel": { "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)" diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index df562cd9..8b4b3bbe 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -2,6 +2,7 @@ production: admins: [admin] domain: <%= @provider_domain %> + force_ssl: <%= @webapp['secure'] %> client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %> client_ca_cert: <%= scope.lookupvar('site_webapp::client_ca::cert_path') %> secret_token: "<%= @secret_token %>" -- cgit v1.2.3